libpng-1.6.37-12.el9_7.2

Errata ID: AXSA:2026-246:05

Release date: 
Tuesday, March 3, 2026 - 11:06
Subject: 
libpng-1.6.37-12.el9_7.2
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

* libpng: Information disclosure and denial of service via integer truncation in the simplified write API (CVE-2026-22801)
* libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: Heap buffer over-read (infinite loop) in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE descriptions below and the corresponding CVE pages.

CVE-2026-22695
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.
CVE-2026-22801
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes a heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.
CVE-2026-25646
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.
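The truncation described for CVE-2026-22801 can be reproduced in isolation. The following C is an added example and not libpng's code: it models a caller-supplied byte stride (negative for bottom-up layouts) being turned into a row offset first through a 16-bit cast of the kind the description mentions, then through full-width arithmetic with a bounds check against the caller's buffer. The function names, the buffer-layout convention and the sample image dimensions are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not libpng code. A simplified-API caller passes the row
 * stride as a signed count: negative for bottom-up images, larger than the
 * row width when rows are padded. Strides in this example are already in
 * bytes.
 */

/* Vulnerable pattern: the stride is narrowed to 16 bits before the
 * multiplication, the class of bug CVE-2026-22801 describes.
 * -4 wraps to 65532 and 70000 wraps to 4464, so the result points at the
 * wrong row or far outside the caller's buffer. */
ptrdiff_t row_offset_truncated(ptrdiff_t row_stride, size_t row)
{
    uint16_t stride16 = (uint16_t)row_stride;
    return (ptrdiff_t)stride16 * (ptrdiff_t)row;
}

/* Hardened pattern: keep the full-width signed stride and refuse any row
 * that would not fit in buf_len bytes. Layout convention (this example's
 * own): the buffer starts at the lowest address of the image, so with a
 * negative stride row 0 sits (height-1)*|stride| bytes in and later rows
 * walk downwards. Returns 1 and stores the byte offset on success, 0
 * otherwise. */
int row_offset_checked(ptrdiff_t row_stride, size_t row, size_t height,
                       size_t row_bytes, size_t buf_len, size_t *offset)
{
    if (row_stride == PTRDIFF_MIN || height == 0 || row >= height)
        return 0;
    size_t abs_stride = row_stride < 0 ? (size_t)(-row_stride)
                                       : (size_t)row_stride;
    if (row_bytes == 0 || abs_stride < row_bytes)   /* rows would overlap */
        return 0;
    /* Require (height-1)*abs_stride + row_bytes <= buf_len without letting
     * the multiplication itself overflow. */
    if (height - 1 > (SIZE_MAX - row_bytes) / abs_stride)
        return 0;
    if ((height - 1) * abs_stride + row_bytes > buf_len)
        return 0;
    *offset = row_stride < 0 ? (height - 1 - row) * abs_stride
                             : row * abs_stride;
    return 1;
}

/* Convenience wrapper for callers that only need the offset:
 * SIZE_MAX means the row was rejected. */
size_t checked_offset(ptrdiff_t row_stride, size_t row, size_t height,
                      size_t row_bytes, size_t buf_len)
{
    size_t off;
    return row_offset_checked(row_stride, row, height, row_bytes, buf_len,
                              &off) ? off : SIZE_MAX;
}

int main(void)
{
    /* Constructed case 1: 4-byte rows, 3 rows, bottom-up, 12-byte buffer. */
    for (size_t r = 0; r < 3; r++)
        printf("stride -4 row %zu: truncated %td, checked %zu\n", r,
               row_offset_truncated(-4, r), checked_offset(-4, r, 3, 4, 12));
    /* Constructed case 2: a 70000-byte stride, 2 rows, 70004-byte buffer. */
    printf("stride 70000 row 1: truncated %td, checked %zu\n",
           row_offset_truncated(70000, 1), checked_offset(70000, 1, 2, 4, 70004));
    /* One byte short: the checked version rejects the row. */
    printf("buffer 70003: %s\n",
           checked_offset(70000, 1, 2, 4, 70003) == SIZE_MAX ? "rejected"
                                                             : "accepted");
    return 0;
}
```

The truncated variant silently turns a 12-byte bottom-up image into a read 65532 bytes past the buffer start, which is the over-read the advisory describes; the checked variant computes the same offsets a bottom-up caller expects (8, 4, 0) and rejects any geometry that does not fit the buffer.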

Solution: 

Update the packages. The package version stays at 1.6.37 because the fixes are backported, so confirm the update by checking for the CVE IDs in the package changelog (rpm -q --changelog libpng) rather than comparing the version string against the upstream fixed releases 1.6.54 and 1.6.55. When checking downloaded packages, verify the SHA-256 sum rather than the MD5 sum.

Additional Info: 

N/A

Download: 

SRPMS
  1. libpng-1.6.37-12.el9_7.2.src.rpm
    MD5: a943126358c0c8c9963601fabfc29528
    SHA-256: bd09c298d5a7f3ed89601a601b806f0dd51f0d30906f4a26ad54a4fbe4e3ad12
    Size: 1.46 MB

Asianux Server 9 for x86_64
  1. libpng-1.6.37-12.el9_7.2.i686.rpm
    MD5: 81b16252aeec9a283fbdbe0daacb5b41
    SHA-256: a2751f6c9170e55764ea9a009690c6d5ca95ce91bf4e43d1c3da72cdea1d61bf
    Size: 123.89 kB
  2. libpng-1.6.37-12.el9_7.2.x86_64.rpm
    MD5: 42d24c10d91258185c5fa0cf04da308c
    SHA-256: 6a69df8db3e88e920d74c9ca831dbbdcfac2a09c4b2fe25b5bb8ce94e0196459
    Size: 115.28 kB
  3. libpng-devel-1.6.37-12.el9_7.2.i686.rpm
    MD5: 5008d82612729131a093ad70d2c59cff
    SHA-256: 70c9d0d6fd5df5ff8c44d4db6cb6055ae048624dcb507ffb02c050e5cfb1043a
    Size: 294.58 kB
  4. libpng-devel-1.6.37-12.el9_7.2.x86_64.rpm
    MD5: 14cdeed0cc3ed6e7232326b58407b585
    SHA-256: dcc1b273f86f40d267fb145f087d3c9d85deca072325ddaad04f49b598a21d48
    Size: 293.50 kB